conjur-api 5.3.7.pre.168 → 5.3.8.pre.8
- checksums.yaml +4 -4
- data/VERSION +1 -1
- metadata +21 -190
- data/.codeclimate.yml +0 -10
- data/.dockerignore +0 -1
- data/.github/CODEOWNERS +0 -10
- data/.gitignore +0 -32
- data/.gitleaks.toml +0 -219
- data/.overcommit.yml +0 -16
- data/.project +0 -18
- data/.rubocop.yml +0 -3
- data/.rubocop_settings.yml +0 -86
- data/.rubocop_todo.yml +0 -709
- data/.yardopts +0 -1
- data/CHANGELOG.md +0 -433
- data/CONTRIBUTING.md +0 -141
- data/Dockerfile +0 -16
- data/Gemfile +0 -7
- data/Jenkinsfile +0 -167
- data/LICENSE +0 -202
- data/README.md +0 -162
- data/Rakefile +0 -47
- data/SECURITY.md +0 -42
- data/bin/parse-changelog.sh +0 -12
- data/ci/configure_v4.sh +0 -12
- data/ci/configure_v5.sh +0 -14
- data/ci/submit-coverage +0 -36
- data/conjur-api.gemspec +0 -40
- data/dev/Dockerfile.dev +0 -12
- data/dev/docker-compose.yml +0 -56
- data/dev/start +0 -17
- data/dev/stop +0 -5
- data/docker-compose.yml +0 -76
- data/example/demo_v4.rb +0 -49
- data/example/demo_v5.rb +0 -57
- data/features/authenticators.feature +0 -33
- data/features/authn_local.feature +0 -32
- data/features/exists.feature +0 -37
- data/features/group.feature +0 -11
- data/features/host.feature +0 -50
- data/features/host_factory_create_host.feature +0 -28
- data/features/host_factory_token.feature +0 -63
- data/features/load_policy.feature +0 -61
- data/features/members.feature +0 -51
- data/features/new_api.feature +0 -36
- data/features/permitted.feature +0 -70
- data/features/permitted_roles.feature +0 -30
- data/features/public_keys.feature +0 -11
- data/features/resource_fields.feature +0 -53
- data/features/role_fields.feature +0 -15
- data/features/rotate_api_key.feature +0 -13
- data/features/step_definitions/api_steps.rb +0 -18
- data/features/step_definitions/policy_steps.rb +0 -75
- data/features/step_definitions/result_steps.rb +0 -7
- data/features/support/env.rb +0 -18
- data/features/support/hooks.rb +0 -3
- data/features/support/world.rb +0 -12
- data/features/update_password.feature +0 -14
- data/features/user.feature +0 -58
- data/features/variable_fields.feature +0 -20
- data/features/variable_value.feature +0 -60
- data/features_v4/authn_local.feature +0 -27
- data/features_v4/exists.feature +0 -29
- data/features_v4/host.feature +0 -18
- data/features_v4/host_factory_token.feature +0 -49
- data/features_v4/members.feature +0 -39
- data/features_v4/permitted.feature +0 -15
- data/features_v4/permitted_roles.feature +0 -8
- data/features_v4/resource_fields.feature +0 -47
- data/features_v4/rotate_api_key.feature +0 -13
- data/features_v4/step_definitions/api_steps.rb +0 -17
- data/features_v4/step_definitions/result_steps.rb +0 -3
- data/features_v4/support/env.rb +0 -23
- data/features_v4/support/policy.yml +0 -34
- data/features_v4/support/world.rb +0 -12
- data/features_v4/variable_fields.feature +0 -11
- data/features_v4/variable_value.feature +0 -54
- data/lib/conjur/acts_as_resource.rb +0 -123
- data/lib/conjur/acts_as_role.rb +0 -142
- data/lib/conjur/acts_as_rolsource.rb +0 -32
- data/lib/conjur/acts_as_user.rb +0 -68
- data/lib/conjur/api/authenticators.rb +0 -35
- data/lib/conjur/api/authn.rb +0 -125
- data/lib/conjur/api/host_factories.rb +0 -71
- data/lib/conjur/api/ldap_sync.rb +0 -38
- data/lib/conjur/api/policies.rb +0 -56
- data/lib/conjur/api/pubkeys.rb +0 -53
- data/lib/conjur/api/resources.rb +0 -109
- data/lib/conjur/api/roles.rb +0 -98
- data/lib/conjur/api/router/v4.rb +0 -206
- data/lib/conjur/api/router/v5.rb +0 -248
- data/lib/conjur/api/variables.rb +0 -59
- data/lib/conjur/api.rb +0 -105
- data/lib/conjur/base.rb +0 -355
- data/lib/conjur/base_object.rb +0 -57
- data/lib/conjur/build_object.rb +0 -47
- data/lib/conjur/cache.rb +0 -26
- data/lib/conjur/cert_utils.rb +0 -63
- data/lib/conjur/cidr.rb +0 -71
- data/lib/conjur/configuration.rb +0 -460
- data/lib/conjur/escape.rb +0 -129
- data/lib/conjur/exceptions.rb +0 -4
- data/lib/conjur/group.rb +0 -41
- data/lib/conjur/has_attributes.rb +0 -98
- data/lib/conjur/host.rb +0 -27
- data/lib/conjur/host_factory.rb +0 -75
- data/lib/conjur/host_factory_token.rb +0 -78
- data/lib/conjur/id.rb +0 -71
- data/lib/conjur/layer.rb +0 -9
- data/lib/conjur/log.rb +0 -72
- data/lib/conjur/log_source.rb +0 -60
- data/lib/conjur/policy.rb +0 -34
- data/lib/conjur/policy_load_result.rb +0 -61
- data/lib/conjur/query_string.rb +0 -12
- data/lib/conjur/resource.rb +0 -29
- data/lib/conjur/role.rb +0 -29
- data/lib/conjur/role_grant.rb +0 -85
- data/lib/conjur/routing.rb +0 -29
- data/lib/conjur/user.rb +0 -40
- data/lib/conjur/variable.rb +0 -208
- data/lib/conjur/webservice.rb +0 -30
- data/lib/conjur-api/version.rb +0 -24
- data/lib/conjur-api.rb +0 -2
- data/publish.sh +0 -7
- data/spec/api/host_factories_spec.rb +0 -34
- data/spec/api_spec.rb +0 -254
- data/spec/base_object_spec.rb +0 -13
- data/spec/cert_utils_spec.rb +0 -173
- data/spec/cidr_spec.rb +0 -34
- data/spec/configuration_spec.rb +0 -330
- data/spec/has_attributes_spec.rb +0 -63
- data/spec/helpers/errors_matcher.rb +0 -34
- data/spec/helpers/request_helpers.rb +0 -10
- data/spec/id_spec.rb +0 -29
- data/spec/ldap_sync_spec.rb +0 -21
- data/spec/log_source_spec.rb +0 -13
- data/spec/log_spec.rb +0 -42
- data/spec/roles_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -113
- data/spec/ssl_spec.rb +0 -109
- data/spec/uri_escape_spec.rb +0 -21
- data/test.sh +0 -69
- data/tmp/.keep +0 -0
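--- a/data/spec/ssl_spec.rb
+++ /dev/null
@@ -1,109 +0,0 @@
-require 'active_support'
-require 'spec_helper'
-
-require 'helpers/errors_matcher'
-
-require 'webrick'
-require 'webrick/https'
-
-describe 'SSL connection' do
-context 'with an untrusted certificate' do
-it 'fails' do
-expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to \
-raise_one_of(RestClient::SSLCertificateNotVerified, OpenSSL::SSL::SSLError)
-end
-end
-
-context 'with certificate added to the default OpenSSL cert store' do
-before do
-cert_store.add_cert(cert)
-end
-
-it 'works' do
-expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
-end
-end
-
-let(:server) do
-server = WEBrick::HTTPServer.new \
-Port: 0, SSLEnable: true,
-AccessLog: [], Logger: Logger.new('/dev/null'), # shut up, WEBrick
-SSLCertificate: cert, SSLPrivateKey: key
-end
-let(:port) { server.config[:Port] }
-let(:cert_store) { OpenSSL::X509::Store.new }
-
-before do
-# Reset configuration to allow each test to use its own stub
-# of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
-Conjur.configuration = nil
-stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
-
-allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
-end
-
-around do |example|
-server_thread = Thread.new do
-server.start
-end
-example.run
-server.shutdown
-server_thread.join
-end
-
-let(:cert) do
-OpenSSL::X509::Certificate.new """
------BEGIN CERTIFICATE-----
-MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
-BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
-MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
-bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
-A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
-so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
-lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
-ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
-DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
-SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
-WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
-nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
-pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
-sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
-ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
-t2PbKVP+tyZjXKtXmgzp
------END CERTIFICATE-----
-""".lines.map(&:strip).join("\n")
-end
-
-let(:key) do
-OpenSSL::PKey.read """
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
-0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
-ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
-xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
-jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
-/hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
-MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
-PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
-iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
-HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
-VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
-KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
-o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
-KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
-aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
-dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
-CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
-9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
-eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
-vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
-Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
-2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
-TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
-uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
-bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
------END RSA PRIVATE KEY-----
-""".lines.map(&:strip).join("\n")
-end
-end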
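--- a/data/spec/uri_escape_spec.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'spec_helper'
-require 'conjur/id'
-require 'conjur/api/router/v5'
-
-describe 'url escaping' do
-it 'Id to path is escaped' do
-id = Conjur::Id.new('cucumber:variable:one two/three')
-expect(id.to_url_path).to eq('cucumber/variable/one%20two%2Fthree')
-end
-
-it 'Resources path is escaped' do
-request = Conjur::API::Router::V5.resources(nil, 'cucumber/two', 'extended variable', {})
-expect(request.url).to eq('http://localhost:5000/resources/cucumber%2Ftwo/extended%20variable/')
-end
-
-it 'Resource path is escaped' do
-resource = Conjur::Id.new('cucumber:variable:one two/three')
-request = Conjur::API::Router::V5.resources_resource(nil, resource)
-expect(request.url).to eq('http://localhost:5000/resources/cucumber/variable/one%20two%2Fthree')
-end
-end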
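--- a/data/test.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/bash -e
-
-: "${RUBY_VERSION=3.0}"
-# My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
-RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
-
-
-function finish {
-echo 'Removing test environment'
-echo '---'
-docker-compose down --rmi 'local' --volumes
-}
-
-trap finish EXIT
-
-
-function main() {
-if ! docker info >/dev/null 2>&1; then
-echo "Docker does not seem to be running, run it first and retry"
-exit 1
-fi
-# Generate reports folders locally
-mkdir -p spec/reports features/reports features_v4/reports
-
-startConjur
-runTests_5
-runTests_4
-}
-
-function startConjur() {
-echo 'Starting Conjur environment'
-echo '-----'
-
-# We want to pull to make sure we're testing against the newest release;
-# failing to ensure that has caused many mysterious failures in CI.
-# However, unconditionally pulling prevents working offline even
-# with a warm cache. So try to pull, but ignore failures.
-docker-compose pull --ignore-pull-failures
-docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
-docker-compose up -d pg conjur_4 conjur_5
-}
-
-function runTests_5() {
-echo 'Waiting for Conjur v5 to come up, and configuring it...'
-./ci/configure_v5.sh
-
-local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
-
-echo 'Running tests'
-echo '-----'
-docker-compose run --rm \
--e CONJUR_AUTHN_API_KEY="$api_key" \
-tester_5 rake jenkins_init jenkins_spec jenkins_cucumber_v5
-}
-
-function runTests_4() {
-echo 'Waiting for Conjur v4 to come up, and configuring it...'
-./ci/configure_v4.sh
-
-local api_key=$(docker-compose exec -T conjur_4 su conjur -c "conjur-plugin-service authn env RAILS_ENV=appliance rails r \"puts User['admin'].api_key\" 2>/dev/null")
-
-echo 'Running tests'
-echo '-----'
-docker-compose run --rm \
--e CONJUR_AUTHN_API_KEY="$api_key" \
-tester_4 rake jenkins_cucumber_v4
-}
-
-main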
data/tmp/.keep
DELETED
File without changes
|